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Claims 

1. A method of performing authentication of a 

5 subscriber during a subscriber equipment terminated call, 
comprising the steps of 

sending a session invitation message (S4, S5) to the 
subscriber equipment, the session invitation message 
including authentication information (AuthDatal) , and 
10 performing an authentication procedure in the 

subscriber equipment by using the authentication 
information. 

2. The method according to claim 1, further comprising 
15 the step of 

sending a response message ( S 6 ) as a response to the 
session invitation message from the subscriber equipment 
to the network, the response message including a result 
(AuthData2) of the authentication procedure. 

20 

3. The method according to claim 2, further comprising 
the step of 

verifying (S8; S7b; S8c) the authentication 
procedure result (AuthDataZ) in a network control 
25 element. 

4. The method according to claim 3, further comprising 
the step of 

forwarding (S9) the response message of the 
30 subscriber equipment to an originating entity initiating 
the session invitation without the result of the 
authentication procedure in case of a positive 
verification (SB; S7b; S8c) . 
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5. The method according to claim 3, further comprising 
the step of 

forwarding a failure message to an originating 
entity initiating the session invitation in case of a 
5 negative verification (SS; S7b; SSc) . 

6. The method according to claim 1, wherein in the 
network the SIP (Session Initiation Protocol) protocol is 
adopted as a control protocol, 

10 

7. The method according to claim 6, wherein the session 
invitation message is a SIP INVITE request including an 
authentication header field. 

15 8, The method according to claim 6, wherein the 

response message is a SIP response message including an 
authorization header field. 

9. The method according to claim 3, wherein the 

20 verifying step (S3) is performed in a network control 

element which serves as an originating entity initiating 
the session invitation. 

10, The method according to claim 3, wherein the 

25 verifying step (S7a) is performed in a network control 
element which serves the subscriber equipment. 

11. The method according to claim 3, wherein the 
verifying step (S8c) is performed in an authentication 

30 center. 

12, The method according to claim 1, further comprising 
the step of 

sending a response message (S6a) as a response to 
35 the session invitation message from the subscriber 
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equipment to the network, the response message including 
a result (AuthData2) of the authentication procedure and 
network authentication information (AuthData3) which is 
used by the subscriber equipment to perform an 
5 authentication of the network, 

13. The method according to claim 12, further comprising 
the steps of 

determining (Sll) a network authentication result 
10 (AuthData4) in response to the network authentication 
information (AuthData4) by the network, 

sending (S12) the network authentication result 
(AuthData4) to the subscriber equipment, and 

verifying (S13) the network authentication result 
15 (AuthData4) in the subscriber equipment. 

14- The method according to claim 3, wherein the 
authentication procedure performing step and the 
verification step (SS; S7b; S8c) are repeated a 
20 predetermined number of times, wherein different 
authentication information (AuthDatal) are used. 

25. A network system comprising a subscriber equipment 

and at least one network control element, wherein/ during 
25 a subscriber equipment terminated call, 

the network control element is adapted to send a 

session invitation message to the subscriber equipment, 

the session invitation message including authentication 

information (AuthDatal) , and 
30 the subscriber equipment is adapted to perform an 

authentication procedure by using the authentication 

information . 

16, The network system according to claim 17, wherein 
35 the subscriber equipment is adapted to send a response 
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message as a response to the session invitation message 
to the network, the response message including a result 
(AuthData2) of the authentication procedure, 

5 17, The network system according to claim 16, wherein 
the network control element is adapted to verify the 
authentication procedure result (AuthData2) . 

IS. The network system according to claim 17, wherein 
10 the network control element is adapted to forward the 
response message of the subscriber equipment to an 
originating entity initiating the session invitation 
without the result of the authentication procedure in 
case of a positive verification, 

15 

19. The network system according to claim 17, wherein 
the network control element is adapted to forward a 
failure message to an originating entity initiating the 
session invitation in case of a negative verification. 

20 

20. The network system according to claim 15, wherein in 
the network the SIP (Session Initiation Protocol) 
protocol is adopted as a control protocol 

25 21. The network system according to claim 20, wherein 
the session invitation message is a SIP INVITE request 
including an authentication header field. 



22* The network system according to claim 20, wherein 
30 the response message is a SIP response message including 
an authorization header field. 



23, The network system according to claim 17, wherein 
the network control element performing the verification 
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is adapted to serve an originating entity initiating the 
session invitation . 

24. The network system according to claim 17, wherein 

5 the network control element performing the verification 
is adapted to serve the subscriber equipment. 

25. The network system according to claim 17, wherein 
the network control element performing the verification 

10 is an authentication center. 

26. The network system according to claim 15, wherein 
the subscriber equipment is further adapted to send a 
response message as a response to the session invitation 

15 message from the subscriber equipment to the network^ the 
response message including a result (AuthData2) of the 
authentication procedure and network authentication 
information (AuthData3) which is used by the subscriber 
equipment to perform an authentication of the network. 

20 

27. The network system according to claim 26, wherein 
the network control element is further adapted to 
determine a network authentication result (AuthData4) in 
response to the network authentication information 

25 (AuthData4) and to send the network authentication result 
(AuthData4) to the subscriber equipment, and 

the subscriber equipment is adapted to verify the 
network authentication result (AuthData4) , 

30 28- The network system according to claim 17,. wherein 

the network control element and the subscriber equipment 
are adapted to repeat the authentication procedure and 
the verification for a predetermined number of times, 
wherein different authentication information (AuthDatal) 

35 are used. 
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29. A network control element, wherein, during a 
subscriber equipment terminated call, the network control 
element is adapted 

5 to send a session invitation message to the 

subscriber equipment, the session invitation message 
including authentication information. 

30. The network control element according to claim 29, 
10 wherein the network control element is adapted to receive 

a response message as a response to the session 
invitation message from a subscriber equipment, the 
response message including a result of an authentication 
procedure performed by the subscriber equipment. 

15 

31. The network control element according to claim 30, 
wherein the network control element is adapted to verify 
the authentication procedure result. 

20 32. The network control element according to claim 31, 

wherein the network control element is adapted to forward 
the response message of the subscriber equipment to an 
originating entity initiating the session invitation 
without the result of the authentication procedure in 

25 case of a positive verification. 

33. The network control element according to claim 31, 
wherein the network control element is adapted to forward 
a failure message to an originating entity initiating the 

30 session invitation in case of a negative verification. 

34. The network control element according to claim 29, 
wherein in the network the SIP (Session Initiation 
Protocol) protocol is adopted as a control protocol, 



35 
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35. The network control element according to claim 34, 
wherein the session invitation message is a SIP INVITE 
request including an authentication header field. 

5 36. The network control element according to claim 34, 
wherein the response message is a SIP response message 
including an authorization header field. 

37. The network control element according to claim 31, 
10 wherein the network control element performing the 

verification is adapted to serve an originating entity 
initiating the session invitation . 

38. The network control element according to claim 31, 
15 wherein the network control element performing the 

verification is adapted to serve the subscriber 
equipment . 

39. The network control element according to claim 29, 
20 wherein the network control element is adapted determine 

whether it has to perform a verification of the 
authentication or not, 

40. The network according to claim 39, wherein the 
25 network control element is adapted to, in case the 

network control element does not have to perform the 
verification, forward a scheduled result (AuthResp) to a 
second network control element by including the scheduled 
result into the session invitation message. 



30 



42, The network according to claim 40, wherein the 
network control element is adapted, in case the network 
control element has to perform the verification, 
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to receive the scheduled result (AuthResp) from 
another network control element, wherein the scheduled 
result is included in the session invitation message, 

to extract the scheduled result (AuthResp) from the 
5 session invitation message and to forward the session 
invitation message withdut the scheduled result 
(AuthResp) to the subscriber equipment, and 

to verify the authentication result (AuthData2) with 
a scheduled result (AuthResp) . 

10 

43. The network control element according to claim 29, 
wherein the network control element is further adapted to 
receive a response message from the subscriber equipment, 
the response message including a result (AuthData2) of 
15. the aurhent icarion procedure and network authentication 
information (AuthData3) which is used by the subscriber 
equipment to perform an authentication of the network. 

44* The network system according to claim 43, wherein 
20 the network control element is further adapted to 

determine a network authentication result (AuthData4) in 
response to the network authentication information 

(AuthData4) and to send the network authentication result 

(AuthData4) to the subscriber equipment - 

25 

45. The network system according to claim 31, wherein 
the network control element is adapted to repeat the 
verification for a predetermined number of times, wherein 
different authentication information (AuthDatal) are 

30 used. 

46. A subscriber equipment which is adapted to be 
connected to a network, and, during a subscriber 
equipment terminated call, 
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to receive a session invitation message from the 
network, the session invitation message including 
authentication information, and 

to perform an authentication procedure by using the 
5 authentication information. 



47. The subscriber equipment according to claim 46, 
wherein the subscriber equipment is adapted to send a 
response message as a response to the session invitation 
10 message to the network, the response message including a 
result of the authentication procedure. 



43, The subscriber equipment according to claim 47, 
wherein in the network the SIP (Session Initiation 
15 Protocol) protocol is adopted as a control protocol- 

49. The subscriber equipment according to claim 48, 
wherein the session invitation message is a SIP INVITE 
request including an authentication header field. 

20 

50. The subscriber equipment according to claim 49, 
wherein the response message is a SIP response message 
including an authorization header field. 

25 51. The subscriber equipment according bo claim 46, 

wherein the subscriber equipment is further adapted to 
send a response message as a response to the session 
invitation message from the subscriber equipment to the 
network, the response message including a result 

30 (AuthData2) of the authentication procedure and network 
authentication information (AuthData3) which is used by 
the subscriber equipment to perform an authentication of 
the network . 
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52. The subscriber equipment according to claim 51, 
wherein the subscriber equipment is further adapted to 
received a network authentication result (AuthData4) from 
the network, and 
5 the subscriber equipment is adapted to verify the 

network authentication result (AuthData4) . 

52. The network system according to claim 46, wherein 
the subscriber equipment is adapted to repeat the 
10 authentication procedure for a predetermined number of 
times t 
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